Dynamic Data Masking Accelerator Guide for use with SAP

Dynamic Data Masking Accelerator Guide for use with SAP

SAPAppRuleSet Security Rule Set

SAPAppRuleSet Security Rule Set

The SAPAppRuleSet security rule set receives SQL requests from the SAPAppConnRule connection rule if the request comes from an SAP client. You can mask data based on the type of user that accesses the database.
The following table describes the rule folders in the SAPAppRuleSet security rule set:
Rule Folder
Description
BlackList
Contains the BlackListDefinition and ExecuteUnion rules.
CustomerMasking
Contains masking rules for customers.
EmployeeMasking
Contains masking rules for employees.
UserHandling
Contains masking rules based on the application user that accesses the data.
VendorMasking
Contains masking rules for vendors.
WhiteList
Contains the WhiteListDefinition and ExecuteUnion rules.
The following table describes the rules in the SAPAppRuleSet security rule set:
Rule
Description
BlackListDefinition
Defines the users that receive masked data. Separate users with a comma.
ExecuteUnion
Rewrites the SQL request.
RULE_EMAIL_MASK
Masks email addresses.
RULE_NAMEMASK
Masks names.
RULE_STREET_MASK
Masks addresses.
RULE_TELENO
Masks telephone numbers.
SaveOrig
Saves the original SQL request.
WhiteListDefinition
Defines the users that receive unmasked data. Separate users with a comma.